USN-5115-1 linux-oem-5.10 vulnerabilities

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information WiFi network traffic. CVE-2020-3702 Ofek Kirzner, Adam Morrison, Benedict Schlueter, and Piotr Krysiuk discovered that the BPF...

CVE-2021-20121

The Telus Wi-Fi Hub PRV65B444A-S-TS with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and...

Digi RealPort Licensing Issue Vulnerability

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol. Authentication is not performed. No details of the vulnerability are currently available...

Digi RealPort 安全漏洞

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol.A security vulnerability exists in Digi RealPort that could be exploited by an attacker to...

Digi RealPort 访问控制错误漏洞

Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol. Authentication is not performed. No details of the vulnerability are currently available...

The vulnerability of the drivers/usb/host/max3421-hcd.c component of the Linux operating system’s kernel lies in the use of memory after it is freed, allowing an attacker to trigger a service failure.

The vulnerability of the Linux operating system’s driver/usb/host/max3421-hcd.c component is related to the use of memory after it has been freed. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

The vulnerability of Linux operating system’s socket ports, related to the use of memory after it is freed, allows attackers to increase their privileges.

The vulnerability of Linux operating system’s serial ports is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

CVE-2021-23858

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

Information disclosure

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

CVE-2021-23858 Information disclosure

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another...

Boston Scientific Zoom Latitude Programmer/Recorder/Monitor Model 3120 数据伪造问题漏洞

The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor PRM Model 3120 is a portable cardiac rhythm management Crm programming system from Boston Scientific, Inc. The Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor PRM Model 3120 is vulnerable to a data validation error that...

USN-5096-1 linux-oem-5.13 vulnerabilities

Valentina Palmiotti discovered that the iouring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. CVE-2021-41073 Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect again...

grub2: Out-of-bounds write in grub_usb_device_initialize()

A flaw was found in grub2. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the...

CVE-2021-22272

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch...

CVE-2021-22272 ControlTouch Cloud Service vulnerability: Serial Number can be misused during commissioning phase.

The vulnerability origins in the commissioning process where an attacker of the ControlTouch can enter a serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch...

ABB Mybuildings 代码问题漏洞

ABB Mybuildings is an innovative solution for smart home systems from ABB Switzerland. A code issue vulnerability exists in ABB Mybuildings that stems from the product allowing the virtual transfer of devices to my.busch-jaeger.de or mybuildings.abb.com by entering a serial number, which can be...

Bab Technologie Gmbh BAB TECHNOLOGIE GmbH eibPort 安全漏洞

Bab Technologie Gmbh BAB TECHNOLOGIE GmbH eibPort is an application from BAB TECHNOLOGIE GmbH Bab Technologie Gmbh, Germany, for managing smart furniture devices. A security vulnerability exists in BAB TECHNOLOGIE GmbH eibPort V3, which stems from a vulnerability in versions prior to 3.9.1 that...

kernel: out-of-bounds write due to a heap buffer overflow in __hidinput_change_resolution_multipliers() of hid-input.c

A flaw out of bounds memory write in the Linux kernel HID subsystem was found in the way user attach USB or other HID device that generates incorrect data inside HID report field. A local user could use this flaw to crash the system or possibly escalate their privileges on the system...

[SECURITY] Fedora 34 Update: condor-8.8.15-1.fc34

HTCondor is a workload management system for high-throughput and high-performance jobs. Like other full-featured batch systems, HTCondor provides a job queuing mechanism, scheduling policy, priority scheme, resource monitoring, and resource management. Users submit their serial or parallel jobs t...

The vulnerability of Schneider Electric’s Modbus Serial Driver for programmable logic controllers is related to errors in processing hypertext links, allowing an attacker to re-write files in the file system.

The vulnerability of Schneider Electric’s Modbus Serial Driver relates to errors in processing hypertext links. Exploiting this vulnerability could allow an attacker to re-record files in the file system...